Credentialing Compliance

The health care landscape has been impacted, eliciting more comprehensive programs recognized as imperative to provide safety and security. Health care executives are protecting their organizations as the health system is more vulnerable from harm due to this potential rise of risks, including COVID-19. They have expanded the scope of their credentialing program to include visitors and contractors. This shows a marked deviation from the historical standard, wherein only vendors and medical representatives required credentialing.

For example, in the U.S., health care's regulatory environment is increasingly challenging to navigate because of shifting regulations from various governing bodies. These factors have made a robust, technology-enabled credentialing and compliance program an absolute necessity. The health system continues in its search to protect patients and visitors and to admit contractors, vendors, representatives and suppliers to conduct necessary business. This, however, can only occur if these entities and individuals are properly credentialed.

Remaining compliant with health care regulations has always been costly. According to American Hospital Association (AHA) data from 2018, systems dedicated "approximately US$39 billion per year to comply with the administrative aspects of regulatory compliance" — or more than a quarter of annual hospital spending in the U.S. To contextualize this number, it costs health systems US$1,200 each time a patient was admitted to the hospital. The AHA data showed an average-sized community hospital spent nearly US$7.6 million annually to support compliance with evolving federal regulations. Credentialing has many positive aspects, such as helping ensure that payments are secured and made. Validation for sanctioned vendor entities by health systems helps ensure that these systems will receive their reimbursement from CMS or other insurance entities.

Many health care systems have struggled to remain compliant due to limited resources, insufficient investments and a lack of incentives for hospital employees. Because health care regulations frequently change, health care systems are also continuously and appropriately challenged to educate staff and manage day-to-day business operations across all facilities. In a 2020 survey, GHX data showed that 99 percent of health care systems can improve their existing credentialing compliance practices — and many health systems were not even aware that they were non-compliant. This has recently changed in the new era of the credentialing compliance program, where scorecards and metrics have provided more insightful guidance to assist the hospital system in closing compliance gaps. This is a new transition, and the use of DMAIC (define, measure, analyze, improve and control) has become a standard practice.

Building a credentialing compliance program

As credentialing compliance evolves, the need to create a framework-based program is even more critical. By using a five-part framework, the performance and safety of the hospital system can be improved. The credentialing program is a component of the overall compliance program, but it contributes to the comprehensive program's quality and continuing success. The five-part framework establishes guidance, focuses on best practices and reinforces good practice through metrics. Also, it provides critical components of concentration for the credentialing program.    

Five-part compliance framework for credentialing & badging:

• System-level

• Vendor entity level

• Representative and visitor level

• Document and policy level

• Badging

At the system level, health systems should ensure all facilities are covered from a vendor credentialing perspective and not simply primary acute care facilities. Examples of such facilities include ambulatory surgical centers, clinics and specialty centers, diagnostic centers and nursing facilities. GHX data showed more than half of systems do not enforce credentialing in non-acute facilities. The survey also indicated that ambulatory surgery centers and clinics were the least likely to have proper credentialing measures in place. Vendor credentialing across all facilities is becoming increasingly critical given the increased volume of procedures being handled outside the hospital. Additionally, GHX has found that most health systems have expensive, inefficient and parallel credentialling processes that make it challenging to remain compliant.

At the vendor entity level, health systems should require all vendors to be registered - not just those vendors comprising individuals who come on site or visit the OR, ICU or other clinical settings. This is an area for significant credentialing compliance gaps, especially in cases where vendors are not properly vetted and monitored. One example of routine monitoring is for sanctions against vendor entities and their representatives. A solution for this is to conduct a vendor analysis review. One way to run a quick litmus test is to compare a health system's accounts payable vendor list to the vendors tracked through the credentialing program. Often, only a fraction of paid vendors are registering with the credentialing program.

At the representative level, health systems must ensure that all representatives with whom they conduct business are appropriately credentialed — not just the medical/sales representatives. Unfortunately, many health systems have not required certain representatives, such as contractors and subcontractors, to register and complete credentialing in the past. GHX data showed that approximately 60 percent of vendor representatives that a health system should have registered and credentialed are, in fact, registered on credentialing platforms.

GHX found the highest levels of vendor compliance reside with on-site representatives who visit clinical settings (often pharmaceutical, sales and med-tech vendors). Conversely, lower compliance areas tend to include vendor representatives with access to non-clinical areas of the hospital (e.g., offices, cafeteria), and contractors. Importantly, with the increase in virtual and remote visits to the operating room or surgical suites, it’s notable these representatives are still conducting business and therefore require credentialing.

It is no longer just the on-site physical presence of the representative or contractor that needs to be credentialed, but those who remotely do business with the health care facility. This is the new era of the credentialing compliance program; the aim is to provide safety and security throughout the health care system.        

At the document and policy level, health care systems should require full compliance with their administrative rules, hospital policies and procedures. They should also require the completion of necessary documents and certifications. For instance, vendor information should include FEIN/tax ID numbers and monitor federal and multistate exclusion/sanction lists. In addition, criminal background attestation from the vendor representative’s employer may be obtained to note that the representative has passed a criminal background check. These individuals should also have required acknowledgments on file, along with immunization/vaccination records and educational training.

Compliance standards and procedures are established to prevent and detect deviations and ensure compliance is adhered to. In other words, the policies must be an integral part of the credentialing compliance program.

The badging level

All vendor representatives should obtain a badge to enter a facility. Any vendor representatives who do not meet credentialing requirements should be denied a badge. Perhaps the best requirement lies with the "No badge, No entry" rule. In response to heightened risk, including COVID-19, many health care executives are protecting their organization by expanding their focus to include visitor management. Health care systems should ensure all locations and departments require their representatives and visitors to check in and print a badge. This can be enabled by automating check-ins, including wellness checks and temperature scans. These check-in kiosks should be located in highly visible areas with the greatest expected foot traffic.

Technology-enabled compliance platform

Fortunately, modern technology-enabled vendor credentialing compliance solutions have emerged to minimize the manual effort and costs associated with becoming and remaining compliant. These solutions leverage a powerful combination of people, process, data reporting and technology to help health systems streamline the compliance effort.

Many health systems benefit from experienced credentialing experts to help plan the implementation of a credentialing and compliance program and undertake the work needed to properly credential representatives. Establishing appropriate vendor representative credentialing processes from the outset also makes it safe for them when visiting a hospital, as it ensures compliance with relevant regulations.

Providers have benefited from detailed reporting, which helps them simplify program management and prepare for accreditation audits. These reports (including representative requirement status, health system requirements, badge station activity log, non-compliant representative sign-in, representative risk profiles and vendor risk profiles) have also helped organizations identify gaps and issues that need to be addressed.

Lastly, technology has made it easier for providers to take control of their credentialing and compliance efforts. Hospital visitor dashboards have provided useful visualization to assist credentialing program owners in identifying areas of strength and weakness so that they may continue to improve and evolve compliance programs. Leveraging advanced technology kiosks and mobile applications has created a safer and easier check-in process for vendors, visitors and staff. Technology has not only helped to address constantly shifting infection control protocols; it has created a digital audit trail to help with contact tracing.

Follow the regulations: Never just once-and-done

Hospitals and health care systems must constantly improve and evolve their compliance processes to help address modern realities. Hospitals no longer have just a "flu season" during which they need to be vigilant. Instead, constant vigilance has become the new normal, particularly as regulations continue to shift.

It is vital for hospital systems to follow the Seven Fundamental Elements of an Effective Compliance Program outlined by the U.S. Office of the Inspector General (OIG), which oversees Health and Human Services. Health care facilities can use these seven elements to become and remain compliant. It is also vital for facilities to stress the importance of these elements from the top down to all hospital facility staff members.

Of those seven elements, adherence to standards — from OSHA to the Joint Commission, to OIG and beyond — is important as facilities develop the appropriate processes for access control. In the U.S., the "Protecting Worker Health and Safety" Executive Order, resulted in the creation of the Emergency Temporary Standard (ETS) on behalf of OSHA. Additionally, the Joint Commission has a standard in place that is centered solely on facilities creating a security management plan. For each of these standards, having a robust credentialing and compliance process in place is critical to adherence.

This is a new world and compliance efforts must keep pace. The COVID-19 pandemic has greatly increased the need for credentialing and compliance in hospitals and health systems across the country. Hospital policies are constantly shifting, and facilities must protect their patients, staff and vendors while avoiding the financial and reputational costs of non-compliance.

Academic Review Provided by Phillip Michael Abenojar RN, BSN, MS